Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1379

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1379
Last Modified 05 Sep 2008 04:41:11
Published 16 Sep 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1379

Summary

Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.

Vulnerable Systems

Application

  • Xine 1 Alpha

  • Xine 1 Beta1

  • Xine 1 Beta10

  • Xine 1 Beta11

  • Xine 1 Beta12

  • Xine 1 Beta2

  • Xine 1 Beta3

  • Xine 1 Beta4

  • Xine 1 Beta5

  • Xine 1 Beta6

  • Xine 1 Beta7

  • Xine 1 Beta8

  • Xine 1 Beta9

  • Xine 1 Rc0

  • Xine 1 Rc0a

  • Xine 1 Rc1

  • Xine 1 Rc2

  • Xine 1 Rc3

  • Xine 1 Rc3a

  • Xine 1 Rc3b

  • Xine 1 Rc4

  • Xine 1 Rc5

  • Xine-lib 0.9.8

  • Xine-lib 1 Beta12

  • Xine-lib 1 Beta2

  • Xine-lib 1 Beta3

  • Xine-lib 1 Beta4

  • Xine-lib 1 Beta5

  • Xine-lib 1 Beta6

  • Xine-lib 1 Beta7

  • Xine-lib 1 Beta8

  • Xine-lib 1 Beta9

  • Xine-lib 1 Rc0

  • Xine-lib 1 Rc1

  • Xine-lib 1 Rc2

  • Xine-lib 1 Rc3

  • Xine-lib 1 Rc3a

  • Xine-lib 1 Rc3b

  • Xine-lib 1 Rc3c

  • Xine-lib 1 Rc4

  • Xine-lib 1 Rc5


References

CONFIRM - http://xinehq.de/index.php/security/XSA-2004-5

XF - xine-dvd-subpicture-bo(17423)

BID - 11205

GENTOO - GLSA-200409-30

DEBIAN - DSA-657

SLACKWARE - SSA:2004-266

CONFIRM - http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html

BUGTRAQ - 20040906 XSA-2004-5: heap overflow in DVD subpicture decoder


Last Updated: 27 May 2016 10:39:01